二进制环境下的缓冲区溢出漏洞动态检测

提出一种在二进制环境下挖掘缓冲区溢出漏洞的方法。结合动态与静态挖掘技术对二进制环境下的程序作进一步的漏洞查找。静态方法主要对二进制程序中函数栈帧的特征和汇编语句的内在语义关系进行分析,动态模拟方法为程序和函数提供了一个虚拟的运行环境,使程序在运行过程中结合一些静态特性得到该函数缓冲区变量的内存读写语义,最终判定程序中是否有缓冲区溢出。     

“二进制审核”方式的缓冲区溢出漏洞挖掘

提出一种在二进制环境下挖掘缓冲区溢出漏洞的方法。结合动态与静态挖掘技术对二进制环境下的程序作进一步的漏洞查找.静态方法主要对二进制程序中函数栈帧的特征和汇编语句的内在语义关系进行分析,动态模拟方法为程序和函数提供了一个虚拟的运行环境,使程序在运行过程中结合一些静态特性得到该函数缓冲区变量的内存读写语义,最终判定程序中是否有缓冲区溢出。     

基于动态二进制转换技术的DOS环境模拟器的实现

二进制翻译技术是从一种指令集到其他指令集的代码转换技术,可用以解决移植代码到新硬件平台时的重编译问题。旨在设计和实现一种DOS环境模拟器。该模拟器基于动态二进制指令转换技术,通过对X86指令的动态翻译,结合对外设模拟技术、系统中断模拟方案等一些关键技术的研究,最终使得原先在DOS系统中运行的应用程序无需重新编译,就能在多种异构体系平台上正确地运行。通过对翻译块进行有效的组织管理,使得该动态翻译得到很好的运行性能。     

元数据展开的动态二进制翻译寄存器化优化

动态二进制翻译技术可以使编译好的二进制代码无缝运行于其他架构下,目前得到越来越广泛的应用.由于在动态翻译执行的过程中缺少程序的原始语义信息而只能采用保守的策略来保证程序的正确性,从而制约到动态二进制翻译的性能.为了解决这种不足,本文提出一种基于静态编译阶段产生的对性能有影响的元数据进行动态翻译中的寄存器化优化算法,进而来提高动态翻译器的整体性能.实验数据表明优化方法对于SPECfp2000和SPECint2000测试集分别获得了15.03%和1.21%的性能提升,其中的一些测试包的加速比甚至达到了37.09%.     

基于动态二进制翻译和插桩的函数调用跟踪

动态函数调用跟踪技术是调试Linux内核的重要手段.针对现有动态跟踪工具存在支持平台有限、运行效率低的问题,基于二进制翻译,设计并实现支持多种指令集的动态函数调用跟踪工具.首先,使用二进制翻译进行系统加载、分析内核镜像,识别基本块的分支指令类型.然后,根据不同平台指令集,设计桩代码并在函数调用与返回指令翻译时插入桩指令,进而在程序执行和内核启动时实时获取时间戳、进程标识、线程标识、函数地址等信息.最后,内核加载完毕后,处理获取的信息,生成过程函数调用图.只需要根据平台指令集特点设计对应的信息获取桩代码并插入到函数调用指令翻译代码中,实现简单,易于移植支持多种平台.该方法基于二进制翻译,直接对程序或内核镜像中的指令段、代码段、符号表进行分析,不依赖源码.拓展的中间代码和额外的目标码,不影响基本块连接、冗余代码消除、热路径分析等二进制翻译的优化方法,降低了开销.基于QEMU的实验结果表明：跟踪分析结果与源代码行为一致,桩代码执行信息记录产生了15.24%的时间开销,而信息处理并输出到磁盘文件产生了165.59%的时间开销,与现有工具相比,性能有较大提升.     

二进制翻译中解析多目标分支语句的图匹配方法

二进制翻译技术现已成为实现软件移植的重要手段.在二进制翻译系统中,如何有效地挖掘程序的代码并对其进行高效翻译是影响系统性能的关键,而二进制代码中间接跳转语句的存在,使得静态时难以得到它的跳转目标,影响了代码的发掘率和最终的翻译效果.在通常的应用程序中,间接跳转指令经常用来实现多目标分支语义,分支目标存放在跳转表中.提出了一种解析多目标分支语句及其跳转表的方法,能够挖掘出间接跳转的目标,进而对其进行有效翻译并提高二进制翻译系统的性能.该方法提出使用语义图来对预期语义进行刻画和表达.语义图能够对考察的指令序列进行语义提取,识别出与预期语义相匹配的指令流,还可以应对编译器在不同优化选项下生成的指令,并能有效滤除不相关指令带来的干扰.实验结果表明,对于SPEC CINT2000中的部分测试用例,代码翻译的覆盖率可以提高9.85%～22.13%,相应带来的性能提升可达到8.30%～17.71%,而使用的算法时间复杂度仅为O(1).     

二进制翻译中的X86浮点栈处理

二进制翻译系统是一种基于软件的跨平台代码迁移系统,它将一种体系结构的二进制代码翻译成另一种体系结构的二进制代码.二进制翻译可以用于解决遗产代码的迁移问题,也可以实现不同硬件平台之间软件的通用.浮点栈的处理已成为以X86为源的二进制翻译的研究中的关键性问题之一,如何处理X86浮点栈问题直接关系到以X86为源的二进制翻译系统的性能.针对X86浮点寄存器栈的特征,提出了一种扩展虚拟栈(extending virtual stack)处理方案.它采用归一的方法,保证了每个基本块中的运算所涉及到的浮点寄存器可以直接映射到目标机器中的浮点寄存器,确保了翻译的效率,并利用翻译时的分析避免了在入口处不必要的判断;同时还给出了在基本块入口处判别一个基本块是否会出现浮点栈上溢和下溢的充分必要条件,为生成更加高效的代码提供了条件.实验表明,它能够在保证正确实现其功能的前提下,获得更好的执行效率.     

一种基于自定义以太网帧的高速数据传输协议及在成像系统中的应用*

针对将TCP/IP协议栈运用在嵌入式成像系统中作为通信方式时所存在的传输速度较低的不足,提出一种将数据封装在自定义以太网帧中进行传输的通信方式,并针对这种方式实现了网卡的驱动,定义了3种帧格式它们分别用于启动曝光、数据传输、数据重传等,设计一种基于状态机的控制协议实现相机的控制及图像数据的传输,最终在硬件平台上实现基于这种方法的成像系统。实验测试表明在NiosII嵌入式处理器工作在150MHz、uCosII操作系统条件下,基于自定义以太网帧的传输方式能将图像数据的传输速率提升4倍以上,这种方式特别适用于传输速率要求较高且资源有限的嵌入式程序成像系统。     

动态二进制翻译中全寄存器直接映射方法

二进制翻译是不同体系结构之间软件移植的重要手段。体系结构和硬件环境上的差别,可以通过二进制翻译系统来弥补,在翻译过程中往往使用多条本地指令模拟一条目标指令,翻译代码规模随之显著增加,从而导致被翻译程序的执行效率下降。寄存器作为处理器和内存交换信息的重要存储部件,寄存器的模拟器方式对于程序的性能有着至关重要的影响。为了提高特定平台翻译后代码的执行效率,提出了在动态二进制翻译机制中使用全部寄存器直接映射方法,详细分析了二进制翻译中的上下文切换原理和寄存器访问范围,为异构平台之间寄存器直接映射提供方法指导。利用QEMU模拟器,把x86架构的8个通用寄存器全部的直接映射到MIPS架构的对应寄存器,在此基础上,进行大量的指令翻译规则的简化。实验数据表明,该方法可以有效简化指令翻译,降低代码膨胀率,使得SPEC CINT 2000测试程序在龙芯CPU上翻译后代码运行时间下降了30%-40%。     

基于动态符号执行的二进制程序缺陷发现系统

以对二进制程序进行自动化缺陷发现为目标, 基于软件虚拟机的动态二进制翻译机制和污点传播机制, 对符号计算需要关注的程序运行时语义信息提取、中间语言符号计算等机制进行了研究, 改进了传统动态符号执行的路径调度部分, 分析了程序缺陷的符号断言表达形式, 构建了一个在线式的动态符号执行系统检测二进制程序中的缺陷。实验验证了该方法在实际程序缺陷发现中的有效性。     

Only connect: teaching, technology and telesis

Abstract This paper describes an approach to the design of interactive multimedia materials being developed in a European Community project. The developmental process is seen as a dialogue between technologists and teachers. This dialogue is often problematic because of the differences in training, experience and culture between them. Conditions needed for fruitful dialogue are described and the generic model for learning design used in the project is explained.     

European Community policy and the market

Abstract This paper starts with some reflections on the policy considerations and priorities which are shaping European Commission (EC) research programmes. Then it attempts to position the current projects which seek to capitalise on information and communications technologies for learning in relation to these priorities and the apparent realities of the marketplace. It concludes that while there are grounds to be optimistic about the contribution EC programmes can make to the efficiency and standard of education and training, they are still too technology driven.     

一种自适应子融合集成多分类器方法

融合集成方法已经广泛应用在模式识别领域,然而一些基分类器实时性能稳定性较差,导致多分类器融合性能差,针对上述问题本文提出了一种新的基于多分类器的子融合集成分类器系统。该方法考虑在度量层融合层次之上通过对各类基多分类器进行动态选择,票数最多的类别作为融合系统中对特征向量识别的类别,构成一种新的自适应子融合集成分类器方法。实验表明,该方法比传统的分类器以及分类融合方法识别准确率明显更高,具有更好的鲁棒性。     

Avoiding semantic and temporal gaps in developing software intensive systems

Development of software intensive systems (systems) in practice involves a series of self-contained phases for the lifecycle of a system. Semantic and temporal gaps, which occur among phases and among developer disciplines within and across phases, hinder the ongoing development of a system because of the interdependencies among phases and among disciplines. Such gaps are magnified among systems that are developed at different times by different development teams, which may limit reuse of artifacts of systems development and interoperability among the systems. This article discusses such gaps and a systems development process for avoiding them.     

Designing economic np control charts: A programmed simulation approach

This paper presents control charts models and the necessary simulation software for the location of economic values of the control parameters. The simulation program is written in FORTRAN, requires only 10K of main storage, and can run on most mini and micro computers. Two models are presented - one describes the process when it is operating at full capacity and the other when the process is operating under capacity. The models allow the product quality to deteriorate to a further level before an existing out-of-control state is detected, and they can also be used in situations where no prior knowledge exists of the out-of-control causes and the resulting proportion defectives.     

The development of robot art

Going through a few examples of robot artists who are recognized worldwide, we try to analyze the deepest meaning of what is called “robot art” and the related art field definition. We also try to highlight its well-marked borders, such as kinetic sculptures, kinetic art, cyber art, and cyberpunk. A brief excursion into the importance of the context, the message, and its semiotics is also provided, case by case, together with a few hints on the history of this discipline in the light of an artistic perspective. Therefore, the aim of this article is to try to summarize the main characteristics that might classify robot art as a unique and innovative discipline, and to track down some of the principles by which a robotic artifact can or cannot be considered an art piece in terms of social, cultural, and strictly artistic interest. This work was presented in part at the 13th International Symposium on Artificial Life and Robotics, Oita, Japan, January 31–February 2, 2008     

Explanation and prediction: an architecture for default and abductive reasoning

Although there are many arguments that logic is an appropriate tool for artificial intelligence, there has been a perceived problem with the monotonicity of classical logic. This paper elaborates on the idea that reasoning should be viewed as theory formation where logic tells us the consequences of our assumptions. The two activities of predicting what is expected to be true and explaining observations are considered in a simple theory formation framework. Properties of each activity are discussed, along with a number of proposals as to what should be predicted or accepted as reasonable explanations. An architecture is proposed to combine explanation and prediction into one coherent framework. Algorithms used to implement the system as well as examples from a running implementation are given.     

Three Process Perspectives: Organizations, Teams, and People

This paper provides the author's personal views and perspectives on software process improvement. Starting with his first work on technology assessment in IBM over 20 years ago, Watts Humphrey describes the process improvement work he has been directly involved in. This includes the development of the early process assessment methods, the original design of the CMM, and the introduction of the Personal Software Process (PSP)^SM and Team Software Process (TSP){^SM}. In addition to describing the original motivation for this work, the author also reviews many of the problems he and his associates encountered and why they solved them the way they did. He also comments on the outstanding issues and likely directions for future work. Finally, this work has built on the experiences and contributions of many people. Mr. Humphrey only describes work that he was personally involved in and he names many of the key contributors. However, so many people have been involved in this work that a full list of the important participants would be impractical.     

基于复小波噪声方差显著修正的SAR图像去噪

提出了一种基于复小波域统计建模与噪声方差估计显著性修正相结合的合成孔径雷达(Synthetic Aperture Radar,SAR)图像斑点噪声滤波方法。该方法首先通过对数变换将乘性噪声模型转化为加性噪声模型,然后对变换后的图像进行双树复小波变换(Dualtree Complex Wavelet Transform,DCWT),并对复数小波系数的统计分布进行建模。在此先验分布的基础上,通过运用贝叶斯估计方法从含噪系数中恢复原始系数,达到滤除噪声的目的。实验结果表明该方法在去除噪声的同时保留了图像的细节信息,取得了很好的降噪效果。     

How do children do mathematics with LOGO?

Abstract  This paper considers some results of a study designed to investigate the kinds of mathematical activity undertaken by children (aged between 8 and 11) as they learned to program in LOGO. A model of learning modes is proposed, which attempts to describe the ways in which children used and acquired understanding of the programming/mathematical concepts involved. The remainder of the paper is concerned with discussing the validity and limitations of the model, and its implications for further research and curriculum development.